You are not logged in.
Hello everybody,
I had the marvelous idea to update my homeserver hardware and reinstall a fresh full encrypted Arch with btrfs and secure boot (disabled at the moment).
I managed to set up a BTRFS partition using subvolumes encased in a LUKS partition which is being decrypted during the boot process via password (relying on crypttab.initramfs).
Boot fails on timeout waiting for device /dev/gpt-auto-root (I think systemd-gpt-auto-generator is trying to find the root partition by its own)
Arch runs on linux-lts 6.6.30-1 with systemd 255.5-4
blkid
/dev/nvme0n1p1: UUID="3B0D-9023" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="esp" PARTUUID="12437bdc-ba2f-449a-b836-37ce89b1eeaf"
/dev/nvme0n1p2: UUID="4e96f4a6-f85d-486a-8d1d-74fdb1c73eb9" TYPE="crypto_LUKS" PARTLABEL="luks" PARTUUID="3e86ec5b-6bae-4126-91d6-926d5e41cb5d"
/dev/sdb2: SEC_TYPE="msdos" LABEL_FATBOOT="ARCHISO_EFI" LABEL="ARCHISO_EFI" UUID="5B0E-F324" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="e3fe56f2-02" // liveUSB
/dev/sdb1: BLOCK_SIZE="2048" UUID="2024-04-01-17-57-21-00" LABEL="ARCH_202404" TYPE="iso9660" PARTUUID="e3fe56f2-01" // liveUSB
/dev/loop0: BLOCK_SIZE="1048576" TYPE="squashfs"
/dev/mapper/linuxroot: LABEL="linuxroot" UUID="f3ed13ef-c84b-4193-9748-9b6d4f5acb9a" UUID_SUB="bc05d1ed-bb47-4295-931d-fe2b704df83a" BLOCK_SIZE="4096" TYPE="btrfs"btrfs subvolume list .
ID 256 gen 235 top level 5 path @
ID 257 gen 102 top level 5 path @home
ID 258 gen 200 top level 5 path @cache
ID 259 gen 201 top level 5 path @log
ID 260 gen 46 top level 5 path @tmp
ID 261 gen 44 top level 5 path @srv
ID 262 gen 11 top level 5 path @snapshots
ID 263 gen 46 top level 256 path var/lib/portables
ID 264 gen 46 top level 256 path var/lib/machineslsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 788.2M 1 loop
sda 8:0 0 1.7T 0 disk
sdb 8:16 1 7.5G 0 disk
├─sdb1 8:17 1 940M 0 part
└─sdb2 8:18 1 15M 0 part
nvme0n1 259:0 0 1.8T 0 disk
├─nvme0n1p1 259:1 0 512M 0 part /efi
└─nvme0n1p2 259:2 0 1.8T 0 part
└─linuxroot 254:0 0 1.8T 0 crypt /.snapshots
/srv
/home
/var/tmp
/var/log
/var/cache
/
nvme1n1 259:3 0 3.7T 0 diskcat /etc/fstab
# Static information about the filesystems.
# See fstab(5) for details.
UUID=f3ed13ef-c84b-4193-9748-9b6d4f5acb9a / btrfs rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvol=/@ 0 0
UUID=f3ed13ef-c84b-4193-9748-9b6d4f5acb9a /home btrfs rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvol=/@home 0 0
UUID=f3ed13ef-c84b-4193-9748-9b6d4f5acb9a /.snapshots btrfs rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvol=/@snapshots 0 0
UUID=f3ed13ef-c84b-4193-9748-9b6d4f5acb9a /var/cache btrfs rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvol=/@cache 0 0
UUID=f3ed13ef-c84b-4193-9748-9b6d4f5acb9a /var/log btrfs rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvol=/@log 0 0
UUID=f3ed13ef-c84b-4193-9748-9b6d4f5acb9a /var/tmp btrfs rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvol=/@tmp 0 0
UUID=f3ed13ef-c84b-4193-9748-9b6d4f5acb9a /srv btrfs rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvol=/@srv 0 0
UUID=3B0D-9023 /efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2efibootmrg
BootCurrent: 0003
Timeout: 1 seconds
BootOrder: 0000,0002,0003
Boot0000* Linux HD(1,GPT,12437bdc-ba2f-449a-b836-37ce89b1eeaf,0x800,0x100000)/EFI\Linux\arch-linux-lts.efi6c6162656c00417263682d6c696e75782d6c7473000000000000
Boot0002* Linux HD(1,GPT,12437bdc-ba2f-449a-b836-37ce89b1eeaf,0x800,0x100000)/EFI\Linux\arch-linux-lts-fallback.efi6c6162656c00417263682d6c696e75782d6c74732d66616c6c6261636b000000000000
Boot0003* UEFI: SanDisk Cruzer 7.01 PciRoot(0x0)/Pci(0x14,0x0)/USB(0,0)/USB(3,0)/CDROM(1,0x1d6000,0x1e000)0000424fcat /etc/mkinitcpio.d/linux-lts.preset
# mkinitcpio preset file for the 'linux-lts' package
ALL_config="/etc/mkinitcpio.conf"
ALL_kver="/boot/vmlinuz-linux-lts"
PRESETS=('default' 'fallback')
#default_config="/etc/mkinitcpio.conf"
#default_image="/boot/initramfs-linux-lts.img"
default_uki="/efi/EFI/Linux/arch-linux-lts.efi"
default_options="--splash /usr/share/systemd/bootctl/splash-arch.bmp"
#fallback_config="/etc/mkinitcpio.conf"
#fallback_image="/boot/initramfs-linux-lts-fallback.img"
fallback_uki="/efi/EFI/Linux/arch-linux-lts-fallback.efi"
fallback_options="-S autodetect"cat /etc/mkinitcpio.cong
MODULES=(btrfs)
BINARIES=()
FILES=()
HOOKS=(base systemd keyboard autodetect microcode modconf kms sd-vconsole block sd-encrypt filesystems fsck)cat /etc/crypttab.initramfs
linuxroot UUID=4e96f4a6-f85d-486a-8d1d-74fdb1c73eb9 - password-echo=no,x-systemd.device-timeout=90,timeout=90,no-read-workqueue,no-write-workqueue,discardcat /etc/kernel/cmdline
root=/dev/mapper/linuxroot rootfstype=btrfs rootflags=subvol=/@ rw modprobe.blacklist=pcspkr zswap.enabled=0mount (chroot)
/dev/mapper/linuxroot on / type btrfs (rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvolid=256,subvol=/@)
/dev/mapper/linuxroot on /var/cache type btrfs (rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvolid=258,subvol=/@cache)
/dev/mapper/linuxroot on /var/log type btrfs (rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvolid=259,subvol=/@log)
/dev/mapper/linuxroot on /var/tmp type btrfs (rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvolid=260,subvol=/@tmp)
/dev/mapper/linuxroot on /home type btrfs (rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvolid=257,subvol=/@home)
/dev/mapper/linuxroot on /srv type btrfs (rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvolid=261,subvol=/@srv)
/dev/mapper/linuxroot on /.snapshots type btrfs (rw,noatime,compress-force=zstd:1,ssd,space_cache=v2,subvolid=262,subvol=/@snapshots)
/dev/nvme0n1p1 on /efi type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sys on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=16224288k,nr_inodes=4056072,mode=755,inode64)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,relatime,inode64)
run on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755,inode64)
tmp on /tmp type tmpfs (rw,nosuid,nodev,inode64)
run on /etc/resolv.conf type tmpfs (rw,nosuid,nodev,relatime,mode=755,inode64)I tried to set "systemd. gpt_auto=0" in the cmdline without any effect (thought by disabling systemd-gpt-auto-generator teh fstab would be used for mounting the root partition).
At the moment I'm not sure where to look, is it a fault in my BTRFS configuration or did I mess up the boot configuration (cmdline + crypttab.initramfs).
Did anybody have a similar problem with a btrfs root partition?
Last edited by Corpswalker (2024-05-06 07:49:51)
Offline
I solved it!
First the steps I did before finding the reason:
1. I read every article about BTRFS and UKI, checked with lsinitcpio the content of the UKIs in /efi (aka. ESP partition): btrfs module was included, with mkinitcpio -Pv I could see that the cmdline was being used in the process. Still no idea how to pinpoint the issue, but the fact that I had a waiting step for /dev/gpt-auto-root which I couldn't disable with systemd.gpt_auto=0 nor rd.systemd.gpt_auto=0 in cmdline made me wonder if my kernel parameter were being ignored at all!
2. I deleted the crypttab.initramfs file and added sd-encrypt arguments to the cmdline in order to test if my cmdline was being used at boot: boot ignored any changes on my cmdline file!
3. I tried to use /etc/cmdline.d/*.conf approach to create kernel parameters: didn't work either.
4. I did a lot of research about kernel parameters and their handling when booting initramfs and kernel: I found one post mentioned that kernel parameter are being overwritten by grub/systemd-boot parameter (when passing from initramfs to kernel loading).
5. In secure boot only kernel parameter are accepted while boot parameter are ignored (since they are not part of the signed UKI.efi). I remembered that I didn't pass any boot parameter (specifically the root= and rootflags=) while creating the EFISTUB entries, therefore I tried to activate secure boot.
6. Booting in secure boot the efistub parameter were not taken into account and therefor the embedded kernel parameter were kept in place: instead of /dev/gpt-auto-root now the /dev/mapper/linuxroot was being looked for (as specified in the kernel settings): the kernel parameter led to the right root partition.
Here are the files I changed in the meantime.
/etc/cmdline.d/root.conf
rd.luks.name=4e96f4a6-f85d-486a-8d1d-74fdb1c73eb9=linuxroot rd.luks.options=timeout=90s,discard,password-echo=no,tries=3 root=/dev/mapper/linuxroot rootfstype=btrfs rootflags=subvol=/@ rw /etc/kernel/cmdline
loglevel=3 noresume/etc/kernel/cmdline_fallback
loglevel=4/etc/mkinitcpio.d/linux-lts.preset
# mkinitcpio preset file for the 'linux-lts' package
ALL_config="/etc/mkinitcpio.conf"
ALL_kver="/boot/vmlinuz-linux-lts"
PRESETS=('default' 'fallback')
#default_config="/etc/mkinitcpio.conf"
#default_image="/boot/initramfs-linux-lts.img"
default_uki="/efi/EFI/Linux/arch-linux-lts.efi"
default_options="--splash /usr/share/systemd/bootctl/splash-arch.bmp"
#fallback_config="/etc/mkinitcpio.conf"
#fallback_image="/boot/initramfs-linux-lts-fallback.img"
fallback_uki="/efi/EFI/Linux/arch-linux-lts-fallback.efi"
fallback_options="-S autodetect --cmdline /etc/kernel/cmdline_fallback"Last edited by Corpswalker (2024-05-06 10:17:41)
Offline